News

A class-action lawsuit filed against Lenovo® and Superfish in February 2015 reportedly has led the PC maker to begin issuing fixes to remove Superfish applications and certificates from its hardware. Reports indicate Lenovo® had been preloading the Superfish Visual Discovery application onto its PCs, making them vulnerable to malicious attacks. This is because Superfish installed a root certificate that acted as a proxy for the Windows® OS certificate, intercepting the HTTP Secure (HTTPS) connection. Superfish could then insert product ads into a user’s search results, which might display sites with trusted or fake certificates. Superfish also used the same RSA key on all installations making users even more vulnerable to attack if the key ever was cracked.

News of the Month

Can you imagine a single received MMS could allow hackers to access all your data on your phone? Meet Stagegright, the exploit that is a threat for 950 million smartphones with Android. Vulnerability like this is very dangerous because it does not require any action by the victim - all the hacker needs to compromise your smarthphone is your phone number.